In general, examples of information leakage include threats targeting portable information terminals that run Android (registered trademark) or the like. An attacker uses various methods to get a malicious Android application (hereinafter referred to as Android malware) installed on a user's terminal. The installed Android malware sends important information stored in the terminal, such as personal information on the user and a unique ID of the device, to the attacker.
Technologies for analyzing such Android malware are broadly divided into two types: dynamic analysis, which runs the Android malware in an isolated environment and observes its behavior at execution time, and static analysis, which deciphers the execution code by using reverse engineering.
Static taint analysis is one of the static analysis technologies that detect Android malware that leaks information. It detects whether data acquired by a function that acquires information targeted for leakage (hereinafter referred to as a Source) is input to a function that leaks information outside the terminal (hereinafter referred to as a Sink), i.e., whether a data flow from the Source to the Sink is present. If a data flow from the Source to the Sink is detected, this means that an execution path that performs information leakage is present in the execution code of the analysis target application (see Non-Patent Document 1).
Static taint analysis is based on data flow analysis, which collects the sets of values that data can take at various points in the execution code. Data flow analysis makes it possible to determine, for example, whether the value of a variable A at a certain point in a program reaches a variable B at another point, i.e., whether the variables A and B take the same value (see Non-Patent Document 2).
In this way, conventional static taint analysis technology targeting Android applications uses, as its analysis target, the execution code of an Android application (hereinafter also referred to as application code) developed in Java (registered trademark).
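The Source-to-Sink detection described above can be sketched as a forward data flow analysis over a control-flow graph. This is an added example, not code from the original document or the cited Non-Patent Documents. It assumes a toy tuple-based intermediate representation, and the choice of `getDeviceId` as the Source, `sendTextMessage` as the Sink and the helper name `concat` are illustrative assumptions.

```python
from collections import deque

# Assumed Source/Sink lists and IR format (illustrative, not from the page).
SOURCES, SINKS = {"getDeviceId"}, {"sendTextMessage"}

def transfer(name, block, state, leaks):
    """Push a {variable: set of Sources} taint state through one basic block."""
    state = {v: set(s) for v, s in state.items()}
    for idx, (op, dst, *rest) in enumerate(block):
        reaching = set()
        if op == "assign":                 # dst = src: taint is copied
            reaching = set(state.get(rest[0], ()))
        elif op == "call":                 # dst = func(args)
            func, args = rest
            reaching = set().union(*(state.get(a, ()) for a in args))
            if func in SINKS:              # tainted argument reaches a Sink
                leaks.update((s, func, name, idx) for s in reaching)
            if func in SOURCES:            # return value carries new taint
                reaching.add(func)
        if dst is not None:                # "const" leaves reaching empty: kill
            state.pop(dst, None)
            if reaching:
                state[dst] = reaching
    return state

def find_leaks(blocks, succ, entry):
    """Forward data-flow analysis to a fixpoint; returns Source-to-Sink flows."""
    preds = {b: [p for p in blocks if b in succ.get(p, [])] for b in blocks}
    out, leaks, work = {b: None for b in blocks}, set(), deque([entry])
    while work:
        b = work.popleft()
        merged = {}
        for p in preds[b]:                 # join = union over predecessors
            for v, s in (out[p] or {}).items():
                merged.setdefault(v, set()).update(s)
        new = transfer(b, blocks[b], merged, leaks)
        if new != out[b]:                  # state changed: revisit successors
            out[b] = new
            work.extend(succ.get(b, []))
    return sorted(leaks)

# Constructed sample: the device ID is overwritten on one branch only.
BLOCKS = {
    "entry": [("call", "id", "getDeviceId", []), ("assign", "msg", "id")],
    "then":  [("const", "msg")],
    "else":  [("call", "msg", "concat", ["msg"])],
    "join":  [("call", None, "sendTextMessage", ["msg"])],
}
SUCC = {"entry": ["then", "else"], "then": ["join"], "else": ["join"]}
```

Calling `find_leaks(BLOCKS, SUCC, "entry")` reports the flow because taint survives on the `else` path, even though the `then` path overwrites `msg`; a flow is reported whenever at least one execution path carries Source data to the Sink.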